Updated versions

2024-07-12 12:19:08 -04:00
parent 5b99bc85ab
commit 32a0ecc1e6
32 changed files with 1763 additions and 995 deletions


@@ -1,6 +1,11 @@
use std::env;
use argon2::{password_hash::{rand_core::OsRng, PasswordHasher, PasswordVerifier, SaltString, Error as HashError}, Argon2, PasswordHash};
use argon2::{
password_hash::{
rand_core::OsRng, PasswordHasher, PasswordVerifier, SaltString, Error as HashError,
},
Argon2, PasswordHash,
};
use jsonwebtoken::{DecodingKey, EncodingKey, Header, encode, decode, Validation, Algorithm};
use serde::{Deserialize, Serialize};
@@ -13,20 +18,20 @@ use crate::error_handler::ServiceError;
#[derive(Debug, Serialize, Deserialize)]
struct TokenClaims {
sub: String, // Subject
token_uuid: String, // Token UUID
iss: String, // Issuer
exp: i64, // Expiration time
iat: i64, // Issued At
nbf: i64 // Not Before
sub: String, // Subject
token_uuid: String, // Token UUID
iss: String, // Issuer
exp: i64, // Expiration time
iat: i64, // Issued At
nbf: i64, // Not Before
}
#[derive(Debug, Serialize, Deserialize)]
pub struct TokenDetails {
pub token: Option<String>,
pub token_uuid: uuid::Uuid,
pub email: String,
pub expires_in: Option<i64>
pub token: Option<String>,
pub token_uuid: uuid::Uuid,
pub email: String,
pub expires_in: Option<i64>,
}
pub fn verify_token(token: &str, public_key: &str) -> Result<TokenDetails, ServiceError> {
@@ -35,7 +40,12 @@ pub fn verify_token(token: &str, public_key: &str) -> Result<TokenDetails, Servi
let decoded = decode::<TokenClaims>(token, &key, &validation)?;
let email = decoded.claims.sub;
let token_uuid = uuid::Uuid::parse_str(decoded.claims.token_uuid.as_str()).unwrap();
Ok(TokenDetails { token: None, token_uuid, email, expires_in: None })
Ok(TokenDetails {
token: None,
token_uuid,
email,
expires_in: None,
})
}
pub fn generate_access_token(email: &str) -> Result<TokenDetails, ServiceError> {
@@ -54,17 +64,22 @@ pub fn generate_refresh_token(email: &str) -> Result<TokenDetails, ServiceError>
.parse::<i64>()
.expect("REFRESH_TOKEN_MAXAGE must be an integer");
let keys_dir = env::var("KEYS_DIR_PATH")?;
let refresh_private_key = std::fs::read_to_string(format!("{}/refresh_private_key.pem", keys_dir))?;
let refresh_private_key =
std::fs::read_to_string(format!("{}/refresh_private_key.pem", keys_dir))?;
generate_token(&email, refresh_token_max_age, &refresh_private_key)
}
pub fn generate_token(email: &str, ttl: i64, private_key: &str) -> Result<TokenDetails, ServiceError> {
pub fn generate_token(
email: &str,
ttl: i64,
private_key: &str,
) -> Result<TokenDetails, ServiceError> {
let now = chrono::Utc::now();
let mut token_details = TokenDetails {
token: None,
token_uuid: uuid::Uuid::new_v4(),
email: email.to_string(),
expires_in: Some((now + chrono::Duration::minutes(ttl)).timestamp())
expires_in: Some((now + chrono::Duration::minutes(ttl)).timestamp()),
};
let claims = TokenClaims {
sub: token_details.email.clone(),
@@ -72,7 +87,7 @@ pub fn generate_token(email: &str, ttl: i64, private_key: &str) -> Result<TokenD
token_uuid: token_details.token_uuid.to_string(),
exp: token_details.expires_in.unwrap(),
iat: now.timestamp(),
nbf: now.timestamp()
nbf: now.timestamp(),
};
let header = Header::new(Algorithm::RS256);
let key = EncodingKey::from_rsa_pem(private_key.as_bytes())?;
@@ -83,10 +98,14 @@ pub fn generate_token(email: &str, ttl: i64, private_key: &str) -> Result<TokenD
pub fn hash_password(password: &[u8]) -> Result<String, HashError> {
let salt = SaltString::generate(&mut OsRng);
Ok(Argon2::default().hash_password(password, &salt)?.to_string())
Ok(
Argon2::default()
.hash_password(password, &salt)?
.to_string(),
)
}
pub fn verify_password(hash: &str, password: &[u8]) -> Result<(), HashError> {
let parsed_hash = PasswordHash::new(hash)?;
Ok(Argon2::default().verify_password(password, &parsed_hash)?)
}
}
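Review bot: In `verify_token`, `uuid::Uuid::parse_str(decoded.claims.token_uuid.as_str()).unwrap()` panics when a correctly signed token carries a `token_uuid` claim that is not a UUID, so a claim value aborts the caller instead of producing an authentication error. The function already returns `Result<TokenDetails, ServiceError>` and uses `?` on `decode`, so the parse failure can be propagated the same way: `let token_uuid = uuid::Uuid::parse_str(&decoded.claims.token_uuid).map_err(|_| <ServiceError for an invalid token>)?;` (the exact constructor depends on `ServiceError`, which is not shown on this page). The `.expect("REFRESH_TOKEN_MAXAGE must be an integer")` in `generate_refresh_token` has the same shape, turning a bad environment value into a panic on each call rather than an `Err`. The start of `verify_token`, where `key` and `validation` are built, lies outside the visible hunks, so whether the `iss` claim is checked there cannot be confirmed from here.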